The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Anti-Email-Gathering script...

I've been told there is a script around that stops automated scripts trawling through your site and gathering email addresses - has anyone else heard of this anti-script? Is it a common enough script and whats it called?

Drawback: Visitors with JS turned off cannot use the link. I don't know how to solve this problem... maybe some kind of serverside scripting which I have no knowledge about...

Today I would make it something like putting the words "Contact webmaster" into a <span> with a ID and make an click event to handle it. The script would then (without the code making the event) be something like this:

Today I would make it something like putting the words "Contact webmaster" into a <span> with a ID and make an click event to handle it. The script would then (without the code making the event) be something like this:

Code:

window.location.href("mailto:webmaster@xyz.xyz");

Michael

But that wouldn't stop automated scripts trawling through your site and gathering that email address would it?

It has yet to be proven that intelligence has any survival value.Arthur C. Clarke

Here's what I do, and the e-mails I've protected with this method have yet to get harvested (judging by the amount of spam they receive - none!):

HTML Code:

<a href="mailto&#58;user&#64;domain&#46;com">E-mail me!</a>

Since these bots crawl the source code looking for things like "mailto:jim@bob.com" or even just "jim@bob.com", obfuscating it by encoding the characters this way stops these bots from finding these addresses. This also has the huge advantage of still being available to users who may have JavaScript disabled for whatever reason, and avoids the usability issues with using a script (screen readers and other assistive techs should be able to read these addresses just fine).

You could even take it a step further and encode some or all of the other characters in the address as well, but I've never seen a need for this since it so far works flawlessly!

Here's what I do, and the e-mails I've protected with this method have yet to get harvested (judging by the amount of spam they receive - none!):

HTML Code:

<a href="mailto:user@domain.com">E-mail me!</a>

For the confused readers that haven't looked at the source for the A element above, here it is:

Code:

<a href="mailto& #58;user& #64;domain& #46;com">E-mail me!</a>

OK, so I can't get the code to post correctly either . The objective is to use decimal based HTML entities for some of the characters. For the code above, I had to add a space after the & characters. Just remove the spaces and the entities will work.

Kromey, this is a great idea. I'd heard of this before and lately I have been looking to rediscover it for a few personal web sites I'm working on. Thanks for the reminder!

Best way is to use a contact form with a form2mail script that adds the email address after the form is submitted. That way there isn't even an obfuscated version of the email address on the page for the spambots to even attempt to read. Many of the latest ones can read the Javascript to attempt to extract the email addresses from there since the spammers don't like people hiding the email addresses from them.

The form2mail idea is a popular one, and could well get around the problem. Unfortunately a lot of companies (at least those in the UK) are legally requried to put in their site, a contact email address, a registered company number, a registered company address etc. This information doesn't have to be on every page, but it must be easily available to a visitor. So for all the UK registered companies out there, I would suggest the encoded characters route so as not to get fall foul of the law.

An image containing the email address would be more accessible and less likely to have the address captured by spammers. Just don't make it a link and don't put the address in the alt attribute. You could then put that on the page with your contact form.

Since using Javascript to obfuscate the address is less accessible for people with disabilities than the image would be you are less likely to run into problems with disabled people being able to contact you if you do it that way.

Surely the UK law doesn't require that you tell the spammers where to send their spam?